[39683] in North American Network Operators' Group
Re: Cisco, Qwest, Cert, NIPC (was Re: Code Red -> Router Memory depletion? )
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Fri Jul 20 00:27:22 2001
From: "Marshall Eubanks" <tme@21rst-century.com>
Reply-To: tme@21rst-century.com
To: Sean Donelan <sean@donelan.com>, nanog@merit.edu
Cc: tech@multicasttech.com
Date: Fri, 20 Jul 2001 01:01:46 -0400
Message-id: <3b57bb3a.2d12.0@idsonline.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
>
>The Code Red traffic is starting to have a measurable impact on
>global Internet traffic. The Internet Health Report (Keynote)
>and the Internet Weather Report (Matrix) are showing packet loss
>increasing and reachability decreasing throughout the afternoon.
>Latency didn't start increasing until this evening.
>
>Keynote is showing problems in QWEST's network, and Slashdot
>is reporting that QWEST has widely deployed a version of the
>Cisco 67x DSL router which is vulnerable to a HTTP data
>corruption error caused by the worm.
>
>http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
>
>CERT/CC and the National Information Protection Center issued
>advisories today. I don't know at what time, since it hasn't
>appeared in my e-mail yet. But it is available on the NIPC
>and CERT/CC web sites.
>
>http://www.nipc.gov/
>http://www.cert.org/
>
>
Sean;
Is there any evidence that the worm attacks are quasi-periodic? I saw
waves of packet loss on vBNS to Columbia U. this afternoon in multicast, with
bad loss roughly every one minute out of 5 or so.
This happened much of the afternoon, and is pretty unusual.
Regards
Marshall Eubanks